Cybercriminals are currently mass mailing tens of thousands of emails impersonating the company, in an attempt to trick its customers into clicking on links in the legitimate-looking emails that serve exploits and drop malware.

The following malicious domains resolve to the same IP (222.238.109.66):
morepowetradersta.com
kendallvile.com
alphabeticalwin.com
ehadnedrlop.com
postofficenewsas.com
paralertamastaercet.com
prepadav.com
masterseoprodnew.com
asmncm.co
lo4inee.asmncm.co
reta4ilse.asmncm.co
gonita.net
able-stock.net
duriginal.net
euronotedetector.net
fx-points.net
africanbeat.net
ensconcedattractively.biz

We’ve already seen the same IP (222.238.109.66) and name servers used in the following previously profiled malicious campaigns, indicating that they’ve been launched by the same party:

Once executed, the sample creates the following file on the affected hosts:
C:\Documents and Settings\<USER>\Application Data\Alyszkiotp.exe (path separators were lost in the source; the split between the dropped subdirectory and the executable name within the last component is not recoverable)

It also drops a batch file in the user's temporary directory and runs it through cmd.exe with the following command line:
"C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\tmp5600c543.bat"

It also creates the following mutexes:
Global\{5B039399-8854-D5EB-89D3-085A9A492B48}
Global\{DE680959-1294-5080-7788-B06D6412937F}
Global\{A45A65F1-7E3C-2AB2-89D3-085A9A492B48}

It also creates or modifies the following registry keys:
\REGISTRY\USER\S-1-5-21-299502267-926492609-1801674531-500\Software\Microsoft\Ynumav
\REGISTRY\USER\S-1-5-21-299502267-926492609-1801674531-500\Software\Microsoft\WAB\WAB4\Wab File Name
\REGISTRY\USER\S-1-5-21-299502267-926492609-1801674531-500\Software\Microsoft
\REGISTRY\USER\S-1-5-21-299502267-926492609-1801674531-500\Software\Microsoft\WAB
\REGISTRY\USER\S-1-5-21-299502267-926492609-1801674531-500\Software\Microsoft\WAB\WAB4
\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

Two of these are worth noting for triage. The SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List key is where the Windows XP firewall stores its global open-port exceptions, so writes there are consistent with the sample adding an inbound exception for itself. The WAB\WAB4\Wab File Name value records the path of the user's Windows Address Book, which malware commonly reads to harvest e-mail addresses.

It also attempts to connect to the following IPs:
14.96.171.173
64.219.114.114
68.49.120.165
70.50.58.41
70.136.9.2
71.42.56.253
71.43.217.3
72.218.14.223
76.219.198.177
80.252.59.142
83.111.92.83
87.5.135.46
87.203.87.232
98.71.136.168
98.245.242.245
108.83.233.190
115.133.156.53
151.66.19.166
194.94.127.98
206.45.59.85
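The domain and IP lists above are only useful once they are run against your own telemetry. The script below is an added example, not code from the original post: it loads the hosting IP, the domains resolving to it, and the IPs contacted by the sample, then scans proxy-style log lines for hits. The log format (timestamp, client, destination, requested host) and the log lines themselves are constructed for illustration; the indicator values are the ones listed above. Domains are matched per DNS label so that subdomains of a listed domain (such as hosts under asmncm.co) hit while look-alike names that merely end in the same string do not.

```python
"""Match the network indicators from the post against constructed log lines.

Added example; the log format and sample lines are constructed, the indicator
values are copied from the lists in the post.
"""
import ipaddress
import re

HOSTING_IP = "222.238.109.66"

# Domains resolving to the hosting IP (from the post).
MALICIOUS_DOMAINS = frozenset({
    "morepowetradersta.com", "kendallvile.com", "alphabeticalwin.com",
    "ehadnedrlop.com", "postofficenewsas.com", "paralertamastaercet.com",
    "prepadav.com", "masterseoprodnew.com", "asmncm.co", "lo4inee.asmncm.co",
    "reta4ilse.asmncm.co", "gonita.net", "able-stock.net", "duriginal.net",
    "euronotedetector.net", "fx-points.net", "africanbeat.net",
    "ensconcedattractively.biz",
})

# IPs the dropped sample connects to (from the post), plus the hosting IP.
# Parsing them with ipaddress at load time rejects any malformed indicator.
SAMPLE_IPS = {
    "14.96.171.173", "64.219.114.114", "68.49.120.165", "70.50.58.41",
    "70.136.9.2", "71.42.56.253", "71.43.217.3", "72.218.14.223",
    "76.219.198.177", "80.252.59.142", "83.111.92.83", "87.5.135.46",
    "87.203.87.232", "98.71.136.168", "98.245.242.245", "108.83.233.190",
    "115.133.156.53", "151.66.19.166", "194.94.127.98", "206.45.59.85",
}
MALICIOUS_IPS = frozenset(ipaddress.ip_address(s) for s in SAMPLE_IPS | {HOSTING_IP})

# Constructed log format: "<ts> <client> -> <dst_ip> host=<requested host>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) host=(?P<host>\S+)$")

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    "2012-04-20T10:01:02Z 10.0.0.15 -> 222.238.109.66 host=lo4inee.asmncm.co",
    "2012-04-20T10:01:09Z 10.0.0.15 -> 93.184.216.34 host=example.com",
    "2012-04-20T10:02:44Z 10.0.0.22 -> 14.96.171.173 host=-",
    "2012-04-20T10:03:00Z 10.0.0.22 -> 10.0.0.1 host=notkendallvile.com",
    "2012-04-20T10:04:11Z 10.0.0.30 -> 1.2.3.4 host=cdn.able-stock.net",
]


def match_domain(hostname, bad_domains=MALICIOUS_DOMAINS):
    """Return the listed domain that hostname equals or is a subdomain of.

    Matching walks the DNS labels from the left instead of using endswith(),
    so 'notkendallvile.com' does not hit 'kendallvile.com' while
    'cdn.able-stock.net' does hit 'able-stock.net'.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        parent = ".".join(labels[i:])
        if parent in bad_domains:
            return parent
    return None


def match_ip(addr, bad_ips=MALICIOUS_IPS):
    """Return the canonical string of addr if it is a listed IP, else None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # a hostname or garbage in the destination column
        return None
    return str(ip) if ip in bad_ips else None


def scan(lines):
    """Return (client, kind, indicator) tuples for every hit in the log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        domain = match_domain(m["host"])
        if domain:
            hits.append((m["src"], "domain", domain))
        ip = match_ip(m["dst"])
        if ip:
            hits.append((m["src"], "ip", ip))
    return hits


if __name__ == "__main__":
    for client, kind, indicator in scan(SAMPLE_LOG):
        print(f"{client} contacted listed {kind} {indicator}")
```

Each hit names the internal client, so the output doubles as the list of hosts to check for the file, mutex and registry artifacts listed above.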